- The challenge has 8 flags to be found
- The challenge description hints us to scan for the first 1000 ports of the given IP
- Upon scanning the given IP we find 7 ports open , which includes 80 (website) , 22 (ssh) and 234 which has unknown service
- Upon running a gobuster scan on the given website , we find robots.txt and login.html available
- When visiting the robots.txt , we find f1ag.txt as disallowed , but upon visting the f1ag.txt , we find our first flag
- Flag = p3nt35t{7HErEs_AlwAys_4_BI9ger_F1sh}
- We then visit the login.html page , which asks for a username and password
- Sqli attack is done ('OR 1=1#) which allows us to login
- We then find multiple usernames and passwords. These credentials are once again used to login to the website
- While logging in with admin username and password nimda!@ , we find a flag hidden within the html. We also get the hint that the user name is anakin
- Flag = p3nt35t({w31Com3_70_tHe_DarK_5Ide}
- We then do a hydra brute-force on the server with username as anakin and passworsd list as rockyou.txt
- We find the password to be rockyou
- Logging in we find a user.txt which has another flag
- Flag = p3nt35t{_I_4m_y0ur_f4th3r}
- Remember we found port 234 to be open. Upon doing a netcat connect command , we find another flag
- Flag = p3nt35t{M4y_th3_F0rc3_b3_w1th_y0u}
- Upon enumerating the machine with linpeas (which is scp from our machine) we find a jpg file present in the Pictures directory called Baby_Darth.jpg
- The file is copied to our machine and strings is run over it
- We then find a base64 encoded string hidden in the file
- Upon decrypting we find another flag
- Flag = p3nt35t{TH3_F0rC3_4w4kEn5}